[Systems] Reset Expired LDAP Password

James Cameron quozl at laptop.org
Tue Sep 25 06:04:22 EDT 2018


Changing my password using ldap.sugarlabs.org failed with; "Can't
modify LDAP information."

Changing my password using ldappasswd from sunjammer shell prompt
seemed to work;

quozl at sunjammer:~$ ldappasswd -H ldap://127.0.0.1 -x -D "uid=quozl,ou=People,dc=sugarlabs,dc=org" -W -A -S
Old password: <oldpassword>
Re-enter old password: <oldpassword>
New password: <newpassword>
Re-enter new password: <newpassword>
Enter LDAP Password: <oldpassword>
quozl at sunjammer:~$ 

However shadowLastChange for me hasn't moved, so I'm not sure if it
really worked.  Password authentication isn't enabled for SSH anyway.

Checking Ibiam's entry using ldapsearch;

$ ldapsearch -x -LLL uid=ibiamchihurumnaya
dn: uid=ibiamchihurumnaya,ou=People,dc=sugarlabs,dc=org
uid: ibiamchihurumnaya
cn: Chihurumnaya Ibiam
sn: Ibiam
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
shadowMax: 365
shadowWarning: 14
uidNumber: 837
gidNumber: 837
homeDirectory: /home/ibiamchihurumnaya
gecos: Chihurumnaya Ibiam
displayName: Chihurumnaya Ibiam
givenName: Chihurumnaya
loginShell: /bin/bash
mail: ibiamchihurumnaya at gmail.com
shadowLastChange: 17407 (29th August 2017)

Current date is beyond shadowLastChange plus shadowMax plus
shadowWarning, so the account is probably inactive and disabled.

Ibiam, is there some indication you have received to confirm that,
e.g. an "ssh -v" error?

I've tried changing Ibiam's password as root, but it prompts me for
Ibiam's old password, which I don't know.

sunjammer:~# ldappasswd -H ldap://127.0.0.1 -x -D "uid=ibiamchihurumnaya,ou=People,dc=sugarlabs,dc=org" -W -A -S
Old password: 

I've found a procedure for changing the RootDN password for OpenLDAP,
but if I did that I'd need a secure way to communicate it to other
system administrators.  It also looks hacky and prone to error, so I'm
not sure the procedure is correct.

https://www.digitalocean.com/community/tutorials/how-to-change-account-passwords-on-an-openldap-server

On Fri, Sep 21, 2018 at 02:35:07PM +0100, Chihurumnaya Ibiam wrote:
> Hi all,
> 
> I recently complained about my sunjammer account as I haven't been able to
> log in because my password is expired and using [1]ldap.sugarlabs.org I couldn't
> reset my password, and I've not been able to send emails from my @[2]
> sugarlabs.org address and my emails to the lists I'm subscribed to at [3]
> lists.sugarlabs.org get bounced.
> 
> Bernie asked for my gpg key and I gave it to him and I haven't had a reply
> since then, I've attached my gpg key here too. Thanks.
> 
> --
> 
> Ibiam Chihurumnaya
> [4]ibiamchihurumnaya at gmail.com
> 
> References:
> 
> [1] http://ldap.sugarlabs.org/
> [2] http://sugarlabs.org/
> [3] http://lists.sugarlabs.org/
> [4] mailto:ibiamchihurumnaya at gmail.com



-- 
James Cameron
http://quozl.netrek.org/
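
Added example (not part of the original message, and not Sugar Labs tooling): a check that applies the shadow(5) aging rules to the shadowAccount attributes of an `ldapsearch -LLL` entry, where shadowWarning counts days before expiry and shadowInactive counts days of grace after it. The function names and the sample LDIF are constructed for illustration; the attribute values and the evaluation date are the ones shown in the message.

```python
import re
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)  # shadow* day counts are days since this date

# Constructed sample: the shadowAccount attributes from the ldapsearch output above.
SAMPLE_LDIF = """\
dn: uid=ibiamchihurumnaya,ou=People,dc=sugarlabs,dc=org
objectClass: shadowAccount
shadowMax: 365
shadowWarning: 14
shadowLastChange: 17407 (29th August 2017)
"""

def shadow_attrs(ldif):
    """Collect integer shadow* attributes, ignoring any trailing annotation."""
    attrs = {}
    for line in ldif.splitlines():
        m = re.match(r"(shadow\w+):\s*(-?\d+)", line)
        if m:
            attrs[m.group(1)] = int(m.group(2))
    return attrs

def password_state(ldif, today):
    """Return (state, expiry_date) for one entry, following shadow(5)."""
    a = shadow_attrs(ldif)
    now = (today - EPOCH).days
    last, max_age = a.get("shadowLastChange", -1), a.get("shadowMax", -1)
    if last == 0:
        return "must-change", None      # 0 forces a change at next login
    if last < 0 or max_age < 0:
        return "no-aging", None         # aging not configured for this entry
    expiry_day = last + max_age
    expires = EPOCH + timedelta(days=expiry_day)
    inactive = a.get("shadowInactive", -1)
    if inactive >= 0 and now > expiry_day + inactive:
        return "inactive", expires      # grace period over, password refused
    if now > expiry_day:
        return "expired", expires       # password change required
    if now > expiry_day - a.get("shadowWarning", 0):
        return "warning", expires       # inside the warning window
    return "ok", expires

if __name__ == "__main__":
    print(password_state(SAMPLE_LDIF, date(2018, 9, 25)))
```

An entry with no shadowInactive attribute, like the one above, never reaches the "inactive" state in this check; it stays "expired" until shadowLastChange is updated.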

